Using model-driven development to reduce system software security vulnerabilities
Using model-driven development to reduce system software security vulnerabilities
Guy Broadfoot, Verum Software Technologies
embedded.com (March 09, 2014)
The majority of embedded software developers using traditional programming languages such as C and C++ make use of processes and techniques inherent in the language to improve reliability and reduce security flaws. However, another approach that has met with increasing success is the use of model-driven design (MDD).
The premise of MDD is to raise the abstraction of software development from the low-level imperative programming language that is fraught with opportunities to shoot one’s self in the foot to a higher-level modeling language that reduces the distance between design and implementation and by doing so reduces the flaws that lead to security and safety failures.
Modeling lends itself better to formal proofs of specifications and security policies than do traditional programming languages. Indeed, a side benefit of using some MDD platforms – especially the ones that support formal methods and automatic code generation - is the ability to make formal arguments regarding the correspondence between specification, design, and implementation, a core challenge in all formal approaches. The following will deal with MDD methods that lend themselves to formal analysis and therefore raise the assurance of quality, safety, and security.
E-mail This Article | Printer-Friendly Page |
Related Articles
- Automotive System & Software Development Challenges - Part 2
- Automotive System & Software Development Challenges - Part 1
- Validate hardware/software for nextgen mobile/consumer apps using software-on-chip system development tools
- Using unified modeling methods to reduce embedded hardware/software development
- Improving Software Development and Verification Productivity Using Intellectual Property (IP) Based System Prototyping
New Articles
- The Ideal Crypto Coprocessor with Root of Trust to Support Customer Complete Full Chip Evaluation: PUFcc gained SESIP and PSA Certified™ Level 3 RoT Component Certification
- Advanced Packaging and Chiplets Can Be for Everyone
- Timing Optimization Technique Using Useful Skew in 5nm Technology Node
- Streamlining SoC Design with IDS-Integrate™
- Last-Time Buy Notifications For Your ASICs? How To Make the Most of It
Most Popular
- Advanced Packaging and Chiplets Can Be for Everyone
- The Ideal Crypto Coprocessor with Root of Trust to Support Customer Complete Full Chip Evaluation: PUFcc gained SESIP and PSA Certified™ Level 3 RoT Component Certification
- Timing Optimization Technique Using Useful Skew in 5nm Technology Node
- Streamlining SoC Design with IDS-Integrate™
- System Verilog Assertions Simplified